<?php
class SaveGrant extends Action {
	/*
	 * (non-PHPdoc) @see Action::execute()
	 */
	public function execute($params) {
		$me = check_login ( ADMIN_LOGIN_PAGE );
		if (! icando ( 'grant', 'user' )) {
			Response::errorPage ( '你无权进行系统授权', $this->referer, 15 );
		}
		$data = array ('success' => false );
		$type = rqst ( 'type' );
		$uid = irqst ( 'uid' );
		$res = rqst ( 'res' );
		$op = rqst ( 'op' );
		if (! empty ( $type ) && ! empty ( $uid ) && ! empty ( $res ) && ! empty ( $op )) {
			$rbac = get_rbac_driver ();
			$rst = false;
			if (rqset ( 'extra' )) { // 额外信息
				$extra = rqst ( 'extra' );
				$rst = $rbac->setExtra ( $op, $res, $uid, $type, $extra );
			} else {
				$priority = irqst ( 'priority', 9999 );
				$allow = irqst ( 'allow', - 1 );
				if ($allow == - 1) {
					$rst = $rbac->revoke ( array ($op ), $res, $uid, $type );
				} else {
					$rst = $rbac->grant ( array ($op => $allow ), $res, $uid, $type, $priority );
				}
			}
			if ($rst) {
				$data ['success'] = true;
				$data ['allow'] = $rbac->icando ( $op, $res, $uid, $type, true );
			} else {
				$data ['msg'] = '授权失败.';
			}
		} else {
			$data ['msg'] = '错误的参数.';
		}
		return new JsonView ( $data );
	}
}